CVE-2016-3900

Published: Oct 10, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260.

Affected (7)

Products: Google: Android

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0
Google Android	Version 7.0

Related CWEs

References (8)

http://source.android.com/security/bulletin/2016-10-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/93291

Source: security@android.com

https://android.googlesource.com/platform/frameworks/native/+/047eec456943dc082e33220d28abb7df4e089f69

Source: security@android.com

Issue TrackingPatch

https://android.googlesource.com/platform/frameworks/native/+/d3c6ce463ac91ecbeb2128beb475d31d3ca6ef42

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-10-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93291

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/frameworks/native/+/047eec456943dc082e33220d28abb7df4e089f69

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://android.googlesource.com/platform/frameworks/native/+/d3c6ce463ac91ecbeb2128beb475d31d3ca6ef42

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.